Using PGP Signatures for Securing SIP Infrastructures

Huebner, Sebastian; Rueger, Nicolas; Schnor, Bettina

Home // ICN 2012, The Eleventh International Conference on Networks // View article

Using PGP Signatures for Securing SIP Infrastructures

Authors:
Sebastian Huebner
Nicolas Rueger
Bettina Schnor

Keywords: Voice-over-IP (VoIP); Authentication; Pretty Good Privacy (PGP); Session Initiation Protocol (SIP); Signature

Abstract:
Because of increasing bandwidth and decreasing costs for the provider, Voice-over-IP is an alternative to the Public Switched Telephone Network for many users. But with the propagation of Voice-over-IP new harassments and threats occur. Assuring the identity of communication partners is significant in this context. Without the authentication of communication partners, the infrastructure is vulnerable to attacks like URI-spoofing, call and registration hijacking. Authenticity is necessary for detecting and avoiding Spam over Internet Telephony (SPIT). Only if the identity of a caller can be verified, a source of SPIT can be exposed and appropriate countermeasures can be taken. In this paper, we present a decentralized approach for authentication in the Session Initiation Protocol (SIP) using PGP signatures. Due to already existing data structures this mechanism can be easily integrated in the SIP without the need of new SIP extensions. Measurements show that our approach results into tolerable overhead.

Pages: 102 to 108

Copyright: Copyright (c) IARIA, 2012

Publication date: February 29, 2012

Published in: conference

ISSN: 2308-4413

ISBN: 978-1-61208-183-0

Location: Saint Gilles, Reunion

Dates: from February 29, 2012 to March 5, 2012